<?php
// include function files for this application
require_once('/home/domains/uny-con.com/public_html/uny-con_fns.php');
// start session which may be needed later
// start it now because it must go before headers
if (!session_id()) { session_start(); }



if (!check_valid_user()) {
	// they are not logged in 
	do_html_header('You must be logged in', staysmall, $uny);
	echo 'You are not logged in.<br />';
	do_html_url('login.php', 'Login');
	print_brs(24);
	do_html_footer(news);
	exit;
	}


//Get some variables

if (!empty($_GET)) {
	$values['requested_id'] = $_GET['requested_id'];
	}
if (!isset($_GET['requested_id'])) {
	$values['requested_id'] = $_SESSION['current_attendee_id'];
	}
if (!empty($_POST)) {
	$values['current_pass'] = trim($_POST['current_pass']);
	$values['new_pass'] = trim($_POST['new_pass']);
	$values['new_pass2'] = trim($_POST['new_pass2']);
	$values['requested_id'] = $_POST['requested_id'];
	}

if (empty($_POST)) {
	do_html_header('Change Password Form', staysmall, $uny);
	change_password_form($values);
	print_brs(24);
	do_html_footer(news);
	exit;
	}

// passwords not the same 
if ($values['new_pass'] != $values['new_pass2']) {
	do_html_header('Problem:', staysmall, $uny);
	echo 'The new passwords you entered do not match - please '
		 .' try again.';
	change_password_form($values);
	print_brs(24);
	do_html_footer(news);
	exit;
	}

// check password length is ok
if (strlen($values['new_pass'])<6 || strlen($values['new_pass']) >16) {
	do_html_header('Problem:', staysmall, $uny);
	echo 'Your password must be between 6 and 16 characters.'
		 .'Please try again.';
	change_password_form($values);
	print_brs(24);
	do_html_footer(news);
	exit;
	}

//things seem to be okay so lets try to set the password.

//First if an admin is coming here then they could be resetting someone elses password.
if ($_SESSION['admin'] == 't') {
	if ($_SESSION['current_attendee_id'] != $_SESSION['attendee_id']) {
		update_password($values['requested_id'], $values['new_pass']);
		$requested_id = $_SESSION['current_attendee_id'];
		header("Location: ".$conf['base_path']."registration/attendee_home.php?attendee_id=$requested_id");
		exit;
		}
	if ($_SESSION['current_attendee_id'] == $values['requested_id']) {
		update_password($values['requested_id'], $values['new_pass']);
		header("Location: ".$conf['base_path']."registration/attendee_home.php");
		exit;
		}
	}

//They are not an admin so lets update their password and send them back to attendee_home.php
if (update_password($_SESSION['attendee_id'], $values['new_pass'])) {
	header("Location: ".$conf['base_path']."registration/attendee_home.php");
	}

?>